Dyce & Sons Ltd.

Helping IT since 1993

Links

Vigor 2800vg

Monday 24th April, 2006

The Vigor 2800VG is an ADSL2/2+ VoIP SuperG VPN Router. In terms of jargon per square inch, that description must be up there with the best of them, but what does it mean? Well, first off, it’s an ADSL router, that lets you connect a network of Macs and PCs to the internet via an ADSL connection. As the replacement for the redoubtable 2600VG, the main benefit of the 2800VG is its support for ADSL2 and ADSL2+ compliance: if you’re lucky enough to be situated close enough to an exchange where BT is trialling faster broadband speeds, then the 2800VG will cope with (contention allowing) up to 24Mbps downstream and 1Mbps upstream.

Fire It Up

Installation is as straightforward as any other ADSL router in its class. Plug it into your broadband-enabled telephone socket, connect it via an ethernet cable to your Mac, fire up a browser, pull up the router’s built-in web server, click on the Quick Start Wizard, fill in your username and password, and you’re pretty much done. Total installation time: under three minutes.

It also serves wireless Macs - the G part of 2800VG stands for SuperG, the (up to) 108Mbps wireless standard. AirPort Extreme manages 54Mbps, so as a wireless router at present this is overkill, unless of course you share an office with SuperG-supporting PCs. (When it ships from the factory, the wireless is active and it’s possible - we know, we tried - to configure the router wirelessly.) The device features twin 3db unscrewable aerials, which you can swap out for (optional extra) 5db aerials. For the security conscious, the router supports the usual array of wireless security protocols (WEP, WPA, and WPA2), plus the ability to schedule wireless access (during office hours only, for example), and even restrict access to specific MAC-addressed devices. For the truly paranoid, the 2800VG now support authentication via 802.1x protocols (Radius server, EAP-TLS).

Full Protection

Its other main purpose is as a firewall, featuring full packet inspection, routed connections, and rule-based packet filtering. It offers the usual port-forwarding and DMZ options for putting a server ‘out in the open’, as well as a Multi-NAT option that lets you map different Public IP addresses to different private IP addresses. (DrayTek claims that it offers protection against IP address spoofing, and there’s also a DoS/DDoS protection option. Thankfully this is difficult to test.)

As well as a providing protection from nefarious outsiders, it also prevents insiders from running amok, with a selection of content filtering methods. URL keyword blocking lets you stop people connecting to domains containing ‘XXX’ or ‘Microsoft’ for example. You can also use ‘whitelisting’ - so you can make sure that users are only allowed access to specified URLs. You can also block HTTP downloading by filetypes (so no ZIP, EXE, and WAV files say), and the use of JAVA applets and PC users' ActiveX controls. And to deal with the office clever-clogs you can ensure that direct IP addressing is forbidden, so they can only use text-based URLs.

If corporate espionage keeps you awake at night, why stop there - Instant Messaging and peer-to-peer sharing applications can also be blocked. If your worries are more parental in nature, DrayTek also includes a 30-day SurfControl trial (£25 yearly subscription), so traffic can be filtered by SurfControl’s auto-updating view of a site’s content heading - gambling, sex, hate speech, and, yes, politics are among several choices available. It all adds up to a pretty comprehensive range of filters, especially since the restrictions can be automatically enabled or disabled via a predetermined schedule.

Via the web interface, you can configure the four ethernet ports at the back into virtual LANs - so the same router can be used to serve four entirely different networks. Each port can also be throttled, so that each gets a quarter share of your 24Mb pipe, for example, and one bandwidth hog can’t spoil the party for the other users.

V is for VoIP

The V in 2800VG stands for VoIP. The two FXS ports at the back each accept an adaptor for connecting to a standard telephone receiver. To use them for phone calls, you’ll need an account (or two) with a SIP Registrar. DrayTek provides a voucher for £2 worth of calls with their proprietary DrayTel service, but other registrars will work equally well (such as sipgate or iptel). In an improvement to the 2600VG, you can now define up to six different accounts, and choose which phone rings (either or both) on incoming calls, and what the preferred SIP account for dialling out on each phone is. You can specify a schedule so phones don’t ring out of hours, and there’s a built-in 99-number Phone Directory. The DrayTek also features QoS throttling; bandwidth is automatically reserved for incoming and outgoing calls, so that background downloading won’t interfere with call quality.

Most users in the field often took the V of 2600VG to mean VPN. DrayTek was among the first manufacturers to ship an ADSL router that would support VPN pass-through and act as a VPN server as well. The 2800VG supports both ‘dial-in’ teleworker, and office-to-office LAN connections. How many? Depending on who you ask, 16 (UK Press Office) or 32 (Taiwan HQ’s website) concurrent connections. DrayTek’s reliability and straightforward VPN set-up is well known, and in use the 2800VG seems to be as fire-it-up-and-forget as its 2600VG predecessor.

Oh, and before we forget, it’s also a network printer connection, providing a USB connector on the back that lets you print to a connected printer via Mac OS X’s built-in LPR printer driver.

Buying Advice

Looking through its web interface, one might be forgiven for expecting to see ‘make toast’ as a menu option, so for small offices this router is a must-have. For home users, as an ageing router replacement, or for ensuring reliable VPN access for a teleworker, the 2800VG is also the obvious choice.